CVE-2025-39893

Source
https://cve.org/CVERecord?id=CVE-2025-39893
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39893.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39893
Downstream
Published
2025-10-01T07:42:42.344Z
Modified
2026-03-13T02:48:31.773216Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
spi: spi-qpic-snand: unregister ECC engine on probe error and device remove
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: spi-qpic-snand: unregister ECC engine on probe error and device remove

The on-host hardware ECC engine remains registered both when the spi_register_controller() function returns with an error and also on device removal.

Change the qcom_spi_probe() function to unregister the engine on the error path, and add the missing unregistering call to qcom_spi_remove() to avoid possible use-after-free issues.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39893.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7304d1909080ef0c9da703500a97f46c98393fcd
Fixed
e4de48e66af17547727bb2e4b1867952817edff7
Fixed
1991a458528588ff34e98b6365362560d208710f

Affected versions

v6.*
v6.14
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.16.5
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39893.json"